Názor k článku TrueCrypt: profesionální ochrana dat zdarma od Tofu - V diskusii na http://www.redhatmagazine.com/2007/01/18/disk-encryption-in-fedora-past-present-and-future/ sa objavila zaujimava kritika...

V diskusii na http://www.redhatmagazine.com/2007/01/18/disk-encryption-in-fedora-past-present-and-future/ sa objavila zaujimava kritika Truecryptu. Aj ked autor uviedol len prve meno (Greg) oplatilo by sa jeho tvrdenia preskumat:

Problems with TrueCrypt that DM-Crypt, LUKS, loop-AES, etc. do NOT have:
TrueCrypt has a number of problems IMHO– problems that are not shared by its counterparts mentioned above.

1) Secretive, hidden developer community: The controlling project developers and the so-called “TrueCrypt Foundation” are hidden behind an anonymous screen of Internet tools. Their “foundation” doesn’t seem to be registered ANYWHERE or tied to any physical location or official entity. Their identities, names, backgrounds, countries-of-origin, etc. are unknown to anyone but their inner-circle and they refuse to address this issue (or even to explain themselves). This kind of black-hat persona certainly doesn’t lend itself to the trust of a corporate/business world, for good reason.

Furthermore, they rule their community with an iron fist and do so inconsistently. This makes it extremely difficult to maintain a normal support atmosphere there (would-be community members leave and abandon the project on a regular basis).

2) Cumbersome, antiquated licensing terms: TrueCrypt was born out of the OLD Encryption-For-The-Masses framework (e4m) and contains the work of several other authors/packages with inconsistent licensing conditions. This has caused them trouble in the past, for example when they tried to move their product to the GPL (unsuccessfully).

3) Information control issues: Forums will be suddenly taken offline, apparently deliberately, as certain critical discussions occur. This occurs frequently whenever a new version is released. At the very least, this makes it very hard to support the product properly as a member of their user community, let alone the trust issues this causes.

Furthermore, there are no published bug reports or vulnerabilities listed anywhere except for whatever makes it into their forums and isn’t deleted. Their bug submissions are only accepted through a private Web form on their site.

Finally, certain forums aren’t even visible for public viewing unless you first register. No explanation has been given for this.

For all these and many reasons, I now favor the work done in the “open” world by these other projects and I will no longer personally support TrueCrypt as an encryption platform. If you want the time/effort of folks like myself, you’ll stay away from the TrueCrypt-style tactics I’ve described.